Описание
Path Traversal in Apache Oozie
Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host.
Пакеты
Наименование
org.apache.oozie:oozie-core
maven
Затронутые версииВерсия исправления
>= 3.1.3, < 5.0.0
5.0.0
Связанные уязвимости
CVSS3: 6.5
nvd
почти 8 лет назад
Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host.